Creates a User.

POST 
/Users

The endpoint used to create a User resource. There are attributes marked as 'returned only by request', such as roles, which must be provided as part of the attributes query parameter in order to be included in the response.

Request

Query Parameters

attributes string

A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.

excludedAttributes string

A comma-separated list of attributes to exclude from the response. Some attributes cannot be excluded.

application/scim+json

Body

required

userName stringrequired

Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.

name

The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.

formatted string

The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.

familyName string

The family name of the User, or Last Name in most Western languages

givenName string

The given name of the User, or First Name in most Western languages

displayName string

The name of the User, suitable for display to end-users. The name should be the full name of the User being described.

userType string

The type of the User, identifying the relationship between the organization and the User.

active boolean

A Boolean value indicating the User’s administrative status.

password string

The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.

emails undefined[]
Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., [email protected] instead of [email protected]. Canonical Type values of work, home, and other.
Array [
type string
Type of email address (work, home, other).
value email
Canonicalized email address.
primary boolean
A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
]
urn:ietf:params:scim:schemas:sailpoint:1.0:User

capabilities string[]

Capabilities assigned to this User.

administrator

The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.

displayName string

The display name of the Administrator of RPA user or Service account.

value string

The id of the SCIM resource representing the Administrator of RPA user or Service account.

$ref string

The URI of the SCIM resource representing the Administrator of RPA user or Service Account.

softwareVersion string

The software version of the RPA/Bots.

empId string

Employee id associated with this User.

dn string

Distinguished name for this User.

region string

The region this User is assigned to.

regionOwner

The User who owns the region that this resource (User) belongs to.

displayName string

Display name of the region owner.

value string

The id of the region owner.

$ref string

URI reference of the region owner resource.

location string

The location this User is assigned to.

locationOwner object

The User who owns the location that this resource (User) belongs to.

displayName string

Display name of the location owner.

value string

The id of the location owner.

$ref string

URI reference to the location owner resource.

Department string

Department this User is assigned to.

costcenter string[]

Cost centers this User is associated with.

jobtitle string

Job title given to this User.

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Enterprise User Schema. Contains the manager of the User.

manager

Manager of the user.

displayName string

Display name of the manager.

value string

The id of the manager.

$ref string

Reference to the manager resource.

*/*

Body

required

userName stringrequired

Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.

name

The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.

formatted string

The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.

familyName string

The family name of the User, or Last Name in most Western languages

givenName string

The given name of the User, or First Name in most Western languages

displayName string

The name of the User, suitable for display to end-users. The name should be the full name of the User being described.

userType string

The type of the User, identifying the relationship between the organization and the User.

active boolean

A Boolean value indicating the User’s administrative status.

password string

The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.

emails undefined[]
Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., [email protected] instead of [email protected]. Canonical Type values of work, home, and other.
Array [
type string
Type of email address (work, home, other).
value email
Canonicalized email address.
primary boolean
A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
]
urn:ietf:params:scim:schemas:sailpoint:1.0:User

capabilities string[]

Capabilities assigned to this User.

administrator

The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.

displayName string

The display name of the Administrator of RPA user or Service account.

value string

The id of the SCIM resource representing the Administrator of RPA user or Service account.

$ref string

The URI of the SCIM resource representing the Administrator of RPA user or Service Account.

softwareVersion string

The software version of the RPA/Bots.

empId string

Employee id associated with this User.

dn string

Distinguished name for this User.

region string

The region this User is assigned to.

regionOwner

The User who owns the region that this resource (User) belongs to.

displayName string

Display name of the region owner.

value string

The id of the region owner.

$ref string

URI reference of the region owner resource.

location string

The location this User is assigned to.

locationOwner object

The User who owns the location that this resource (User) belongs to.

displayName string

Display name of the location owner.

value string

The id of the location owner.

$ref string

URI reference to the location owner resource.

Department string

Department this User is assigned to.

costcenter string[]

Cost centers this User is associated with.

jobtitle string

Job title given to this User.

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Enterprise User Schema. Contains the manager of the User.

manager

Manager of the user.

displayName string

Display name of the manager.

value string

The id of the manager.

$ref string

Reference to the manager resource.

Responses

201

Creates a User and returns the resultant User.

application/json

Schema

Schema

id string

IdentityIQ id of the User.

userName string

Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.

name

The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.

formatted string

The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.

familyName string

The family name of the User, or Last Name in most Western languages

givenName string

The given name of the User, or First Name in most Western languages

displayName string

The name of the User, suitable for display to end-users. The name should be the full name of the User being described.

userType string

The type of the User, identifying the relationship between the organization and the User.

active boolean

A Boolean value indicating the User’s administrative status.

emails undefined[]
Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., [email protected] instead of [email protected]. Canonical Type values of work, home, and other.
Array [
type string
Type of email address (work, home, other).
value email
Canonicalized email address.
primary boolean
A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
]
urn:ietf:params:scim:schemas:sailpoint:1.0:User object

Additional attributes of the User.

accounts undefined[]

Simple representation of the Account (or Link) ResourceType.

Array [

displayName string

The display name of the Account.

value string

The id of the SCIM resource representing the Account.

$ref string

The URI of the SCIM resource representing the Account.

]

entitlements undefined[]

Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.

Array [

value string

The value of the Entitlement.

display string

The display name of the Entitlement.

type string

The type of Entitlement (Entitlement, Permission, etc.).

application string

The name of the Application this Entitlement applies to.

accountName string

The account this Entitlement was sourced from.

$ref string

The URI of the SCIM resource representing the Entitlement.

]

roles undefined[]

Roles of the User. Returned only if requested. Returned in response only if requested using the 'attributes' query parameter.

Array [

value string

The value of the Role.

display string

The display name of the Role.

type string

The type of Role (IT, Business, etc.).

acquired string

Indicates how this Role was acquired. Assigned or Detected.

application string

The name of the Application where this Role came from.

accountName string

The name of the Account this Role was sourced from.

$ref string

The URI of the SCIM resource representing the Role.

]

capabilities string[]

Capabilities assigned to this User.

riskScore integer

Composite Risk Score of this User.

isManager boolean

A Boolean value that determines if this User is a manager.

administrator

The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.

displayName string

The display name of the Administrator of RPA user or Service account.

value string

The id of the SCIM resource representing the Administrator of RPA user or Service account.

$ref string

The URI of the SCIM resource representing the Administrator of RPA user or Service Account.

softwareVersion string

The software version of the RPA/Bots.

empId string

Employee id associated with this User.

dn string

Distinguished name for this User.

region string

The region this User is assigned to.

regionOwner

The User who owns the region that this resource (User) belongs to.

displayName string

Display name of the region owner.

value string

The id of the region owner.

$ref string

URI reference of the region owner resource.

location string

The location this User is assigned to.

locationOwner object

The User who owns the location that this resource (User) belongs to.

displayName string

Display name of the location owner.

value string

The id of the location owner.

$ref string

URI reference to the location owner resource.

Department string

Department this User is assigned to.

costcenter string[]

Cost centers this User is associated with.

jobtitle string

Job title given to this User.

lastRefresh date-time

Datetime representation of the last refresh for this User.

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Enterprise User Schema. Contains the manager of the User.

manager

Manager of the User.

displayName string

Display name of the User's manager.

value string

The id of the SCIM resource representing the User’s manager.

$ref string

The URI of the SCIM resource representing the User’s manager.

meta

Metadata of the resource.

created date-time

Datetime this resource was created.

location string

The location of the resource.

lastModified date-time

Datetime the resource was last modified.

version string

The version of the resource.

resourceType string

The SCIM resource type.

schemas string[]

The schemas involved in the SCIM resource.

Example (from schema)

{
  "id": "c0b4568a4fe7458c434ee77d1fbt156b",
  "userName": "Mock.User",
  "name": {
    "formatted": "Ms. Barbara J Jensen, III",
    "familyName": "Jensen",
    "givenName": "Barbara"
  },
  "displayName": "Barbara Jensen",
  "userType": "employee",
  "active": true,
  "emails": [
    {
      "type": "work",
      "value": "[email protected]",
      "primary": "true"
    }
  ],
  "urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
    "accounts": [
      {
        "displayName": "Bob.Smith",
        "value": "c0a7778b7ef71e79817ee74e6a1f0444",
        "$ref": "http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444"
      }
    ],
    "entitlements": [
      {
        "value": "groupmbr",
        "display": "HelpDesk",
        "type": "Permission",
        "application": "ADMockApp",
        "accountName": "CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com",
        "$ref": "http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67"
      }
    ],
    "roles": [
      {
        "value": "detectedRoles",
        "display": "User - IT",
        "type": "it",
        "acquired": "Assigned",
        "application": "Active_Directory",
        "accountName": "CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com",
        "$ref": "http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67"
      }
    ],
    "capabilities": "[\"SystemAdministrator\"]",
    "riskScore": 125,
    "isManager": false,
    "administrator": {
      "displayName": "Bob Smith",
      "value": "c0a7777a7f74744d817e74fc12362c67O",
      "$ref": "http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67"
    },
    "softwareVersion": "7.3",
    "empId": "1b2a3c",
    "dn": "cn=Bob Smith,ou=services",
    "region": "Americas",
    "regionOwner": {
      "displayName": "Joe Smith",
      "value": "c0b4568a4fe7458c434ee77d1fbt156b",
      "$ref": "http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b"
    },
    "location": "Singapore",
    "locationOwner": {
      "displayName": "Bob Smith",
      "value": "c0a7778b7ef71e79817ee74e6a1f0444",
      "$ref": "http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444"
    },
    "Department": "Regional Operations",
    "costcenter": [
      "CC01",
      "DD02"
    ],
    "jobtitle": "Internal Audit Manager",
    "lastRefresh": "2024-05-02T16:11:15.839Z"
  },
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "manager": {
      "displayName": "Bob Smith",
      "value": "c7a7347a7fe71e69077ee75f5d1f1237",
      "$ref": "http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237"
    }
  },
  "meta": {
    "created": "2022-02-11T01:34:04.074-05:00",
    "location": "http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b",
    "lastModified": "2022-02-11T01:08:45.866-05:00",
    "version": "W\"1644561244074\"",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ]
}

409

Returned if userName is not unique.

application/json

Schema

Schema

schemas string[]

SCIM Schemas used in response.

scimType string

Type of problem that exists for request.

detail string

Explanation for the the problem with the request.

status string

HTTP status code of the response.

Example (from schema)

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "scimType": "uniqueness",
  "detail": "Resource already exists:Mock.User",
  "status": "409"
}

Loading...